The Beginning of EU Data Protection

González Fuster, Gloria

doi:10.1007/978-3-319-05023-2_5

Gloria González Fuster³

Part of the book series: Law, Governance and Technology Series ((ISDP,volume 16))

4281 Accesses

Abstract

The European Union (EU) started to get involved in the regulation of data processing at the beginning of the 1970s. This chapter describes the initial steps of its involvement, and studies the crystallisation of EU legislation on (personal) data protection, up to the adoption of the EU Charter of Fundamental Rights in 2000. Chronologically, these developments partially overlap with those explored in the previous chapters, as well as with the evolution described in the following one, which traces the birth of the notion of EU fundamental rights, and examines its relationship with personal data protection.

Everything flows.(Teenage Fanclub 1990)

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 129.00; Price excludes VAT (USA)

Softcover Book: USD 169.99; Price excludes VAT (USA)

Hardcover Book: USD 169.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
On the role of the European Parliament in the development of EU personal data protection, see notably: (Bigo et al. 2011).
2.
See, for instance: (Commission of the European Communities 1972).
3.
See also: (Commission of the European Communities 1973b). The responsible Commissioner for Industrial Affairs, General Research and Technology and the Joint Research Centre (JRC) was at the time Altiero Spinelli.
4.
The need to consider the link between concrete initiatives related to support of the data processing sector and policy in general had already been advanced in another document, the 1973 Commission’s Scientific and Technical Policy Programme (Commission of the European Communities 1973a).
5.
Oral question No 193/73 with debate, pursuant to Rule 47 of the Rules of Procedure by Mr Cousté on behalf of the Group of European Progressive Democrats to the Council of the European Communities [1974] OJ C40/21.
6.
See Chap. 3, Sect. 3.1.4, of this book.
7.
Ibid.
8.
The name of the Council representative was Mr Apel. The sitting took place on 13 March 1974 (General Secretariat of the Council of the European Communities 1974, p. 14).
9.
Oral Question No. 193/73, with debate, on protecting the privacy of the Community’s citizens, OJ Debates of the European Parliament No 173 (March 1974) 35.
10.
Ibid. 36 (in line with German terminology).
11.
Ibid (in line with approaches discussed at the time in the UK).
12.
Ibid.
13.
Legal Affairs Committee of the European Parliament, Interim Report drawn on behalf of the Legal Affairs Committee on the protection of the rights of the individual in the face of developing technical progress in the field of automatic data processing (Rapporteur: Lord Mansfield), Working Documents 1974–1975, Document 487/74, PE 39.608/fin, 19.2.1975, p. 14.
14.
Ibid.
15.
Ibid.
16.
Ibid. p. 3.
17.
William David Murray, 4th Earl of Mansfield and Mansfield.
18.
PE 39.608/fin, p. 11.
19.
Resolution of the European Parliament on the protection of the rights of the individual in the face of developing technical progress in the field of automatic data processing [1975] OJ C60/48.
20.
Ibid. paragraph 1.
21.
Ibid. paragraph 2.
22.
PE 39.608/fin, p. 7.
23.
Ibid. The report also mentions progress in the US (ibid. p. 12).
24.
PE 39.608/fin, p. 7.
25.
Ibid.
26.
Ibid. p. 9.
27.
Resolution of the European Parliament of 8 April 1976 on the protection of the right of the individual in the face of developing technical progress in the field of automatic data processing, OJ [1976] OJ C100/27.
28.
Ibid.
29.
Although Sweden had already adopted a national-level data protection instrument, it was not a Member State of the EC at the time.
30.
Ibid.
31.
Ibid.
32.
European Parliament, Report drawn up on behalf of the Legal Affairs Committee on the protection of the rights of the individual in the face of technical developments in data processing (Rapporteur: Mr A. Bayerl), Working Documents 1979–1980, Document 100/79, 4.5.1979, p. 3.
33.
Ibid. p. 13. The public hearing took place in Brussels on 6 February 1978.
34.
Ibid. p. 18.
35.
Council Decision of 27 September 1977 adopting a series of studies in support of the use of informatics (77/616/EEC) [1977] OJ L255/25.
36.
Ibid. p. 26. The study was grounded on the idea that ‘the development of informatics applications calls for an examination of the problems of data security and confidentiality and of the technical, legal and social aspects thereof, in particular with a view to protecting citizens in respect of the use of informatic facilities’ (ibid. p. 25).
37.
Ibid. p. 26.
38.
See also: (Commission of the European Communities 1982, p. 7).
39.
In the UK, the Lindop Report was being discussed (Commission of the European Communities 1982, p. 5).
40.
The study noted that among laws adopted and entered in force, only the laws from Austria, Norway and Denmark protected in the same way the data related to physical persons and the data concerning moral persons, but that Luxembourg had aligned itself in that sense too (Bancilhon et al. 1979, p. 2). The authors also stressed that, during negotiations for the OECD Guidelines, US representatives had strongly opposed the idea of extending protection to the data related to moral persons, arguing there was no necessity (Bancilhon et al. 1979, p. 3).
41.
Resolution of the European Parliament on the protection of the rights of the individual in the face of technical developments in data processing [1979] OJ C140/34.
42.
Ibid. p. 35.
43.
Ibid.
44.
Ibid. p. 36.
45.
Ibid. p. 35.
46.
Ibid. p. 36.
47.
Recommendations from Parliament to the Commission and Council pursuant to paragraph 10 of the motion for a resolution concerning the principles which should form the basis of Community norms on the protection of the rights of the individual in the face of developing technical progress in the field of data processing (ibid. p. 37).
48.
Ibid. Sect. I of the Recommendations.
49.
Ibid. Sect. II of the Recommendations.
50.
Ibid. p. 38 and 36 (in particular, paragraphs 13 and 14).
51.
Data protection in the Community: Oral question with debate (Doc. 1-287/79) by Mr van Aerssen and Mr Alber [1979] OJ Debates of the European Parliament No 245 (September 1979) 15–26.
52.
Ibid. p. 19.
53.
Ibid.
54.
Ibid.
55.
Ibid. p. 20.
56.
Ibid.
57.
Commission Recommendation of 29 July 1981 relating to the Council of Europe Convention for the protection of individuals with regard to automatic processing of personal data [1981] OJ L246/31, recital 5.
58.
Ibid. p. 31.
59.
Ibid paragraph 2 of Sect. I.
60.
Ibid.
61.
The quality and quantity of cross-frontier data flows; the organisational character and technical functioning of data protection bodies; the problem of legal personality (individual and legal entities); the technical aspects of the right of access to data-registers; and the control, audit and implementation of requirements relative to confidentiality and their impact on data security (Commission of the European Communities 1982, p. 7).
62.
It was agreed that shall be studied in particular the protection of data in the light of the new information and communication technologies; technologies applicable to data protection and security; personal data and the automatic decision-making process; the impact of international data protection regulations on sectors most concerned with information; system design and data protection; freedom of access to information and data protection; data banks, distributed systems and data protection (Commission of the European Communities 1982, p. 30).
63.
Resolution of the European Parliament of 9 March 1982 on the protection of the rights of the individual in the face of technical developments in data processing [1982] OJ C87/39.
64.
Ibid. p. 40.
65.
Ibid.
66.
Council Decision of 10 April 1984 amending Decision 79/783/EEC adopting a multiannual programme (1979 to 1983) in the field of data processing (84/254/EEC) [1984] OJ L126/27.
67.
Ibid. p. 31. In November 1984, nonetheless, the Council decided that further studies on ‘confidentiality and data security’ would be devoted to ‘the confidentiality and security of data and software with a view of developing tools for users’ (Council Decision of 22 November 1984 amending Decision 79/783/EEC in respect of general measures in the field of data processing (84/559/EEC) [1984] OJ L308/49). Among such tools was identified a ‘Data protection guide for European users’, ‘data protection’ being understood in this context as a technical feature applicable to data (Call for proposals for projects relating to the security and protection of data, the protection of computer programs and the vulnerability of the information society (85/C 204/02) in Commission Communication in the field of data processing: Notice of a call for proposals for projects relating to the security and protection of data, the protection of computer programs and the vulnerability of the information society (85/C 204/02) [1985] OJ C204/2).
68.
On Schengen cooperation and the protection of personal data, see, notably: (E. Brouwer 2008).
69.
Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders, 19 June 1990.
70.
Article 92 of 1990 Schengen Convention.
71.
Ibid. Chap. 3.
72.
Ibid. Article 117. See also Article 126.
73.
Recommendation No R (87) 15 of the Committee of Ministers of the Council of Europe regulating the use of personal data in the police sector, adopted on 17 September 1987). See Article 129 of 1990 Schengen Convention.
74.
Article 114(1) of 1990 Schengen Convention.
75.
Ibid. Article 114(2).
76.
Ibid. Article 109(1).
77.
Communication of information to the data subject shall in any case be refused if indispensable for the performance of a lawful task in connection with the alert, or for the protection of the rights and freedoms of third parties, and, in any event, during the period of validity of alerts for the purpose of discreet surveillance.
78.
Ibid. Article 110. Qualifying them as ‘well established’ rights: (Zerdick 1995, p. 71).
79.
Article 112(1) of 1990 Schengen Convention.
80.
Ibid. Article 118.
81.
Ibid. Article 115.
82.
The 1990 Convention mentioned ‘private homes’ when establishing that officers carrying out certain surveillance measures were in any case not entitled to enter ‘into private homes and places not accessible to the public’ (Article 40(3)(e) of 1990 Schengen Convention).
83.
The 1990 Convention referred only to the protection of the rights and freedoms of third parties as a legitimate ground to refuse communication of information to the data subject (Article 109(2) of 1990 Schengen Convention).
84.
Hereafter, COM(90) 314 final. The proposals were also published, without explanatory memorandums, in: [1990] OJ C277/1. On the Communication, see: (Papapavlou 1992).
85.
Proposal for a Council Directive concerning the protection of individuals in relation to the processing of personal data (SYN 287). The proposal was transmitted to the Council on 27 July 1990, and to the European Parliament on 3 October 1990.
86.
Proposal for a Council Directive concerning the protection of personal data and privacy in the context of public digital telecommunications networks, in particular the integrated services digital network (ISDN) and public digital mobile networks (SYN 288).
87.
Recommendation for a Council Decision on the opening of negotiations with a view to the accession of the European Communities to the Council of Europe Convention for the protection of individuals with regard to the automatic processing of personal data.
88.
Commission Declaration on the application to the institutions and other bodies of the European Communities of the principles contained in the Council Directive concerning the protection of individuals in relation to the processing of personal data.
89.
Draft Resolution of the Representatives of the Governments of the Member States of the European Communities meeting within the Council.
90.
Proposal for a Council Decision in the field of information security.
91.
COM(90) 314 final, p. 2.
92.
Ibid. p. 3.
93.
Ibid.
94.
Ibid. p. 5.
95.
Article 1(1) of 1990 draft Proposal.
96.
Recital 7 of 1990 draft Proposal.
97.
COM(90) 314 final, p. 13.
98.
The French version of the Communication, nevertheless, points out that the Commission had previously noted that data protection had the quality of a fundamental right (COM(90) 314 final, p. 14).
99.
Ibid. p. 5.
100.
Article 1(2) of 1990 draft Proposal.
101.
Referring to divergent interests: (Büllesbach et al. 2010, p. 3).
102.
Ibid. p. 6. The Commission also made a reference to a need, previously mentioned by the Council, to ensure that cooperation between administrations promoting the free movement of persons granted protection to individuals with regard to the use of ‘personalized data banks’ (COM(90) 314 final, p. 4).
103.
Ibid. p. 17.
104.
Single European Act [1987] OJ L169/1.
105.
COM(90) 314 final, p. 12.
106.
Ibid.
107.
Recital 9 of 1990 draft Proposal.
108.
Ibid. Recital 16.
109.
Opinion of the Economic and Social Committee (ESC) on the proposal for a Council Directive concerning the protection of individuals in relation to the processing of personal data, the proposal for a Council Directive concerning the protection of personal data and privacy in the context of public digital telecommunications networks, in particular the integrated services digital network (ISDN) and public digital mobile networks, and the proposal for a Council Decision in the field of information security [1991] OJ C159/38.
110.
Ibid. p. 40.
111.
Ibid.
112.
Opinion of the European Parliament on the Proposal for a Directive I COM(90) 0314– C3-0323/90– SYN 287: Proposal for a Council Directive concerning the protection of individuals in relation the processing of personal data (1st reading), adopted on 11 March 1992 [1992] OJ C94/173 (based on a report by Geoffrey Hoon).
113.
Opinion of the European Parliament… [1992] OJ C94/173, p. 175.
114.
Ibid.
115.
The report of Geoffrey Hoon was partially based on input by the French Mrs Fontaines and Vayssade (Brühann 1999, p. 15).
116.
Treaty on European Union, signed at Maastricht on 7 February 1992 (92/C 191/01) [1992] OJ C191/1.
117.
Amended proposal for a Council Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (92/C 311/04), COM (92) 422 final—SYN 287, submitted by the Commission on 16 October 1992 [1992] OJ C311, p. 38.
118.
Ibid. p. 30.
119.
Referring to the fact that actually staff from the French Commission Nationale de l’Informatique et des Libertés (CNIL) had contributed to the new draft: (Pearce and Platten 1998, p. 533).
120.
At that time, Commissioner for the Internal Market and Industrial Affairs.
121.
Section 4 of Presidency Conclusions of European Council at Corfu, 24–25 June 1994.
122.
Noting the significance of this concession for the UK: (Carlin 1996, p. 65).
123.
Common Position (EC) No 1/95 adopted by the Council on 20 February 1995 with a view to adopting Directive 95/…/EC of the European Parliament and of the Council of… on the protection of individuals with regard to the processing of personal data and on the free movement of such data (95/C 93/01) [1994] OJ C93/1.
124.
Directive 95/46/EC of the European Parliament and Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L281/31.
125.
The decision adopted by the European Parliament on such Common position included only a limited number of suggested amendments (Decision of the European Parliament on the common position established by the Council with a view to the adoption of a European Parliament and Council Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (C4-0051/95– 00/0287 (COD)) (Co-decision procedure: second reading) [1994] OJ C166/105.
126.
Article 1(1) of Directive 95/46/EC.
127.
Ibid. Article 18(2).
128.
Recitals 49 and 54, and Article 20(2) Directive 95/46/EC.
129.
Data protection is nevertheless also mentioned when describing a part of the contract between data controllers and data processors (Article 17(4) of Directive 95/46/EC).
130.
Recital 27 reads in its English version: ‘Whereas the protection of individuals must…’ (in French: ‘considérant que la protection des personnes doit…’; in Dutch: ‘Overwegende dat de bescherming van personen…’); cf. the German text: ‘Datenschutz muß…’.
131.
Emphasis added. This formulation is routenily repeated, except in Recital 34, which refers to the responsibility of Member States to protect ‘the fundamental rights and the privacy of individuals’.
132.
Article 1(1) of Directive 95/46/EC.
133.
Ibid. Article 1(2).
134.
Article 1 of Convention 108: ‘The purpose of this convention is to secure in the territory of each Party for every individual, whatever his nationality or residence, respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic processing of personal data relating to him (“data protection”).’
135.
Emphasis added.
136.
Recital 10 of Directive 95/46/EC.
137.
Danish, Dutch, English, Finnish, French, German, Greek, Italian, Portuguese, Spanish, and Swedish.
138.
It appears also in the very provisions of the Directive: Articles 25(6) and 26(3) of Directive 95/46/EC.
139.
Recital 1 of Directive 95/46/EC.
140.
C-29/69 Stauder v Stadt Ulm [1969] ECR 419, Judgment of the Court of 12 November 1969. Cf. C-22/93 P Campogrande v Commission [1994] ECR I-1375, Judgment of the Court (Fifth Chamber) of 21 April 1994, on the communication by the Commission of the European Communities of the private address of officials to the Belgian authorities.
141.
Arguing in favour of an interpretation in which would transpire an implicit recognition: (Gutiérrez Castillo 2005, p. 17). See also: (Carlos Ruiz 2003, p. 15). In Case T-176/94 (T-176/94 K v Commission [1995] FP-I-A-0020 FP-II-00621, Judgment of the Court of First Instance (Third Chamber) of 13 July 1995) the applicant alleged that the disclosure of information about a dental problem was a violation of both his right to respect for private life under Article 8 of the ECHR and freedom of expression under Article 10 of the ECHR, but the Court of First instance dismissed his application.
142.
C-369/98 Fisher [2000] ECR I-6751, Judgment of the Court (Fourth Chamber) of 14 September 2000.
143.
Council Regulation (EEC) No 3508/92 of 27 November 1992 establishing an integrated administration and control system for certain Community aid schemes [1992] OJ L355/1.
144.
Article 9 of Regulation No 3508/92.
145.
Fisher § 25.
146.
Ibid. § 23.
147.
Recital 10 of Directive 95/46/EC.
148.
Ibid. Recital 11.
149.
Fisher § 34. Referring to this assertion as an isolated instance in ECJ case law: (Battista Petti 2006, p. 247).
150.
Fisher § 31.
151.
Ibid. § 32.
152.
Ibid. § 34.
153.
Ibid. § 33.
154.
Joined Cases C-465/00, C-138/01 and C-139/01 Österreichischer Rundfunk and Others [2003] ECR I-4989, Judgment of the Court of 20 May 2003.
155.
Emphasis added.
156.
Rundfunk § 68.
157.
Ibid.
158.
This expression nevertheless also emerged in the judgment (see, for instance, § 53). In the English translation, these changes are echoed in appearances of both ‘privacy’ and ‘private life’.
159.
Rundfunk § 41–42.
160.
Ibid. § 71.
161.
And in particular its Articles 6(1)(c), 7(c) and (e), and 13 (Rundunk § 72).
162.
Ibid. Advocate General Tizzano had also highlighted Article 8 of the ECHR as a relevant provision for the interpretation of Directive 95/46/EC in his Opinion for the Case. Nevertheless, he had also observed in a footnote that Article 8 of the ECHR had been ‘repeated’ in Article 7 of the Charter, and that Article 8 of the Charter referred specifically to the protection of personal data (Opinion of Advocate General Tizzano in C-465/00 Rundfunk, footnote 3).
163.
Inter alia, Amann v Switzerland [2000] RJD 2000-II, App. No 27798/95, and Rotaru v. Romania [2000] RJD 2000-V, App. No 28341/95, as well as Leander v Sweden [1987] Series A No 116, App. No 9248/81 (Rundfunk § 83).
164.
Also in this sense: (Korff 2004, p. 39). Commenting on Rundfunk as justifying constitutional concern: (De Hert and Gutwirth 2009).
165.
C-101/01 Lindqvist [2003] ECR I-12971, Judgment of the Court of 6 November 2003. See: (Coudray 2004).
166.
Opinion of AG Tizzano in Case C-101/01 Criminal proceedings against Bodil Lindqvist [2003] ECR I-12971.
167.
The English version of Lindqvist initially uses the word ‘privacy’ to refer to the provisions of Directive 95/46/EC (Lindqvist § 3 and 6), but, after mentioning that Article 8 of the ECHR provides for a right to respect for private life (§ 10), shifts to ‘private life’ (§ 86, 88, 97 and 99). The language of the case was Swedish, and the Swedish version invariably uses privatliv(et).
168.
Lindqvist § 99.
169.
Article 1(2) of Directive 95/46/EC.
170.
Not to be confused with the ‘fundamental freedoms’ established by the ECHR.
171.
C-55/94 Gebhard v Consiglio dell’Ordine degli Avvocati e Procuratori di Milano [1995] ECR I-04165, Judgment of the Court of 30 November 1995, § 37. The ECJ has also referred to these principles as ‘fundamental’ principles and ‘foundations’ of the EC Treaty. The free movement of workers has been dealt with as a fundamental right (C-152/82 Forcheri v Belgian State [1983] ECR 2323, Judgment of the Court (Fourth Chamber) of 13 July 1983, § 11), as has, indirectly, the free movement of goods (C-228/98 Dounias [2000] I-577, Judgment of the Court (Sixth Chamber) of 3 February 2000, § 64). See: (Szyszczak and Cygan 2008, p. 154).
172.
Articles 34 and 35 of the Treaty on the Functioning of the EU.
173.
Ibid. Article 56.
174.
Ibid. Article 63.
175.
Ibid. Article 45.
176.
Ibid. Article 49. See also: (Ehlers 2007, p. 176).
177.
Recital 3 of Directive 95/46/EC.
178.
In this sense: (Heil 2010, p. 31). The free movement of goods is primarily concerned with the free flow of products, which need not be tangible objects (Ehlers 2007, p. 176). They should be in principle be capable of constituting the object of commercial transactions, but this requirement is not strict (Epiney 2007, p. 277). Objects not falling under the category of goods could nevertheless be covered through the freedom of movement (Epiney 2007, p. 277).
179.
See, for instance: C-112/00 Schmidberger [2003] ECR I-5659, Judgment of the Court of 12 June 2003; and C-36/02 Omega [2004] ECR I-9609, Judgment of the Court (First Chamber) of 14 October 2004. See also: (Morijn 2006, p. 15).
180.
Recital 11 of Directive 95/46/EC.
181.
In what was described as a comparative exercise (Brun 2002, p. 110).
182.
In addition to Recital 11, see also Recital 25 and 68 of Directive 95/46/EC.
183.
Notably, Convention 108, where Chapter II establishes the ‘Basic principles for data protection’, and the 1980 OECD Guidelines, which list a series of ‘basic principles of national application’ (in Part II).
184.
Which is the title of Section I, that as a matter of fact contains only one Article (Article 6).
185.
Article 3(1) of Directive 95/46/EC.
186.
Article 2(a) of Directive 95/46/EC.
187.
Article 3(2)(b) of Convention 108: Contracting States may inform the Council of Europe that they will also apply it to ‘information relating to groups of persons, associations, foundations, companies, corporations and any other bodies consisting directly or indirectly of individuals, whether or not such bodies possess legal personality’.
188.
Article 3(2) of Directive 95/46/EC.
189.
Ibid. On this provision, see notably: (Wong and Savirimuthu 2008).
190.
Ibid. Article 6(1)(a).
191.
Article 6(1)(b) of Directive 95/46/EC, which also states that ‘(f)urther processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards’.
192.
Ibid. Article 6(1)(c).
193.
Ibid. Article 6(1)(d).
194.
Article 6(1)(e) of Directive 95/46/EC, which adds that ‘Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use’.
195.
Ibid. Article 7(a). Other legitimate grounds include that processing is necessary for the performance of a contract to which the data subject is party (ibid. Article 7(b)); necessary for compliance with a legal obligation (ibid. Article 7(c)); necessary in order to protect the vital interests of the data subject (ibid. Article 7(d)); necessary for the performance of a task carried out in the public interest or in the exercise of official authority (ibid. Article 7(e)); or necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection (ibid. Article 7(f)).
196.
Article 15 of Convention 108.
197.
Article 8(1) of Directive 95/46/EC.
198.
Ibid. Article 8(5).
199.
Although not exactly equivalent. On the differences, regarding both the types of data, and the special treatment granted, see: (Elías Baturones 1998, p. 1217).
200.
In contrast, it was less popular in Germany, where it was perceived as a special gesture towards those unconvinced by the necessity of data protection, but not contributing per se to the efficacy of the approach (see, in this sense: (Simitis 1985, p. 308)).
201.
Section IV.
202.
Article 10 of Directive 95/46/EC.
203.
Ibid. Article 11.
204.
Ibid. Article 12.
205.
Ibid. Article 14.
206.
Ibid. Article 15.
207.
In this sense, also: (Brun 2002, p. 110).
208.
Articles 16 and 17 of Directive 95/46/EC.
209.
Ibid. Articles 18–21. Observing that notification had an anchorage in French, British, and Scandinavian practice: (Heil 2010, p. 10).
210.
Article 13(1) of Directive 95/46/EC.
211.
Article 13(2) of Directive 95/46/EC. This clause reverberated a traditionally Danish approach to grant exceptions for scientific research (Heil (2010) op. cit. 10).
212.
Article 25 of Directive 95/46/EC. For critical assessments of the approach, see for instance: (Raab et al. 1999; Kuner 2009).
213.
Ibid. Article 26.
214.
The Internal Market and Services Directorate-General (DG MARKT), in close consultation with the Directorate-General for the External Relations (DG RELEX).
215.
Safe Harbor Privacy Principles, issued by the US Department of Commerce on 21 July 2000; Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour principles and related frequently asked questions issued by the US Department of Commerce (2006/520/EC) [2000] OJ L215/7. The adoption of this Commission Decision generated some tensions with the European Parliament, due to divergent interpretations on the applicability of the ‘comitology’ procedure followed by the Commission (see, for the Commission point of view: Corrigendum [2000] OJ L115/14). See also: (Regan 2003; Dhont et al. 2004; Busch 2006).
216.
Article 27 of Directive 95/46/EC.
217.
Article 28(1) of Directive 95/46/EC.
218.
Ibid. Article 28(3).
219.
Ibid. Article 28(4).
220.
Ibid. Articles 29 and 30.
221.
See heading of Article 29 of Directive 95/46/EC.
222.
In the French version: Groupe de protection des personnes à l’égard du traitement des données à caractère personnel. Dutch version: Groep voor de bescherming van personen in verband met de verwerking van persoonsgegevens.
223.
On this Working Party, see, notably: (Poullet and Gutwirth 2008).
224.
COM(90) 314 final, p. 8.
225.
The 1990 Communication of the Commission refers notably to Council Resolution of 30 June 1988 on the development of the common market for telecommunications services and equipment up to 1992 (88/C 257/01) [1988] OJ C257/1), where there is only an incidental allusion to the need ‘to see that workers have the right skills to protect personal data’ (ibid. 2); and to Council Resolution of 18 July 1989 on the strengthening of the coordination for the introduction of the Integrated Services Digital Network (ISDN) in the European Community up to 1992 (89/C 196/04) [1988] OJ C196/4), where can be found a call to further discussion ‘regarding user privacy protection requirements’ in the context of features of new services (ibid. p. 5).
226.
The 1990 Communication of the Commission mentions the Resolution of the European Parliament closing the procedure for consultation of the European Parliament on the proposal from the Commission of the European Communities to the Council for a Recommendation on the coordinated introduction of the Integrated Services Digital Network (ISDN) in the European Community of 12 December 1986, Doc. A2-178/86 [1987] OJ C 7/334, which alludes to ensuring, within the emerging ISDN, ‘a consistent level of data privacy protection’ (ibid. p. 335); and a Resolution of the European Parliament on posts and telecommunications (Doc. A 2-259/88) of 14 December 1988 [1989] OJ C12/69, calling upon the Commission to propose ‘measures to ensure data privacy protection and confidentiality’ (ibid. p. 71), and reminding the Commission of its responsibility to accompany legislative proposals on opening telecommunications markets ‘by action at Community level relating to the protection of personal data’ (ibid.).
227.
COM(90) 314 final, p. 7.
228.
Emphasis added.
229.
SYN 288.
230.
Commission of the European Communities, Amended proposal for a European Parliament and Council Directive concerning the protection of personal data and privacy in the context of digital telecommunications networks, in particular the Integrated Services Digital Network (ISDN) and digital mobile networks (presented by the Commission pursuant to Article 189a(2) of the EC Treaty), COM(94) 128 final—COD 288, Brussels, 13.06.1994, p. 11.
231.
Emphasis added.
232.
COM(94) 128 final, p. 11.
233.
Directive 97/7/EC of the European Parliament and of the Council of 20 May 1997 on the protection of consumers in respect of distance contracts [1997] OJ L144/19. See also: (Asscher and Hoogcarspel 2006, p. 20).
234.
On this notion, see notably: (Cavanillas Múgica 2008).
235.
Recital (17) of Directive 97/7/EC.
236.
Ibid. Article 10(1).
237.
Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector [1997] OJ L24/1.
238.
Article 1(1) of Directive 97/66/EC.
239.
Ibid. Article 2.
240.
According to some, in a way that considerably enlarged its scope (Büllesbach et al. 2010, p. 4).
241.
Another example of the way in which Directive 97/66/EC seemingly went beyond Directive 95/46/EC is its mention of the legitimate interests of legal persons (Article 1(2) of Directive 97/66/EC). See: (Martínez Martínez 2004, p. 227).
242.
Recital (17) of Directive 97/66/EC notes: ‘data relating to subscribers processed to establish calls contain information on the private life of natural persons’.
243.
Article 5 of Directive 97/66/EC.
244.
The German version is titled Richtlinie 97/66/EG des Europäischen Parlaments und des Rates vom 15. Dezember 1997 über die Verarbeitung personenbezogener Daten und den Schutz der Privatsphäre im Bereich der Telekommunikation. However, it uses the word Privatleben in Recital 17.
245.
In Recital 19, on ‘privacy options’ for telephone services.
246.
The title of the Portuguese version is Directiva 97/66/Ce do Parlamento Europeu e do Conselho de 15 de Dezembro de 1997 relativa ao tratamento de dados pessoais e à protecção da privacidade no sector das telecomunicações. The Portuguese version refers to vida privada only in Recital 17.
247.
Article 6 of Directive 97/66/EC.
248.
Malone v the United Kingdom [1984] Series A No 82, App. No 8691/79.
249.
Ibid § 84. See also: (Frígols i Brines 2010, p. 48).
250.
Recital (22) of Directive 97/66/EC.
251.
Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (’Directive on electronic commerce’) [2000] OJ L78/1 (see Article 7). See also: (Asscher and Hoogcarspel 2006, p. 21).
252.
Article 7 of Directive 97/66/EC.
253.
Signed on 2 October 1997. Treaty of Amsterdam amending the Treaty on European Union, the Treaties establishing the European Communities and certain related acts (97/C 340/01) [1997] OJ C340/1.
254.
Emphasis added.
255.
Article 286(1) of the EC Treaty.
256.
European Commission, Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the institutions and bodies of the Community and on the free movement of such data (1999/C 376 E/04) (Text with EEA relevance) COM(1999) 337 final—1999/0153(COD) (Submitted by the Commission on 17 September 1999) [1999] OJ C376/24.
257.
Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data [2001] OJ L8/1.
258.
Article 3(1) of Regulation (EC) No 45/2001.
259.
Ibid. Article 1(1).
260.
COM(1999) 337 final, p. 25.
261.
See, notably: (Hijmans 2006).
262.
See Chapter V of Regulation (EC) No 45/2001.
263.
COM(90) 314 final, p. 7.
264.
The pillar structure was introduced by the Treaty of Maastricht on 1 November 1993.
265.
The pillar structure collapsed on 1 December 2009 with the entry into force of the Treaty of Lisbon.
266.
Governed by Title V of the EU Treaty after the entry into force of the Maastricht Treaty.
267.
See, on its early years: (Walker 2004).
268.
The Schengen acquis—Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders [2000] OJ L239/19.
269.
Because of its legal basis, and as confirmed in Article 3(2) of Directive 95/46/EC.
270.
Europol was first mentioned by the Maastricht Treaty of 1992 as a Union-wide system for exchanging police information in relation to the fight against terrorism, drug trafficking and other international crime. The idea of its creation was first launched in 1991 (Delarue 2010, p. 145). On Europol and data protection, see also: (Esquinas Valverde 2010).
271.
Convention based on Article K.3 of the Treaty on European Union, on the establishment of a European Police Office (Europol Convention) [1995] OJ C316/2.
272.
See, for instance: Article 10(1)(2) (‘Collection, processing and utilisation of personal data’).
273.
Article 30 of Treaty of Amsterdam.
274.
Europol is now regulated by a Council Decision adopted on 6 April 2009, which became applicable on 1 January 2010 (Council Decision of 6 April 2009 establishing the European Police Office (Europol) [2009] OJ L121/37). See also: (Piris 2010, p. 182).
275.
Recommendation No R(87)15 of the Committee of Ministers of the Council of Europe regulating the use of personal data in the police sector, adopted on 17 September 1987. On this Recommendation, see notably: (Boehm 2012, p. 96 ff.).
276.
See, notably: Council Act 95/C316/02 of 26 July 1995 drawing up the Convention on the use of information technology for customs purposes [1995] OJ C316/33. See also: Council Act 98/C 24/01 of 18 December 1997 drawing up, on the basis of Article K3 of the Treaty on European Union, the Convention on mutual assistance and cooperation between customs administrations [1998] OJ C24/1; it establishes in its Article 25(1) (Data protection for the exchange of data): ‘When information is exchanged, the customs administrations shall take into account in each specific case the requirements for the protection of personal data. They shall respect the relevant provisions of the Convention of the Council of Europe of 28 January1981 for the protection of individuals with regard to automatic processing of personal data’.
277.
After the signature by Portugal and Spain.
278.
Directive 95/46/EC was incorporated in 1999 into the 1992 Agreement on the European Economic Area (EEA), and States which are not members of the EU but party to the EEA Agreement (ie, Norway, Iceland and Liechtenstein) are also legally bound to bring their respective laws into conformity with the Directive.
279.
France, Germany, Ireland, Luxembourg and the Netherlands.
280.
European Commission, Analysis and impact study on the implementation of Directive EC 95/46 in Member States: Technical Annex 1 (2003).
281.
Article 33 of Directive 95/46/EC.
282.
The Internal Market Council of 26 November 2001.
283.
Commissioner Frits Bolkestein.
284.
There were however some punctual provisions dealing with related issues, such as a few clauses in a 1970 statute, limiting the surveillance of workers (Frosini 1982, p. 26).
285.
See: (Cuffaro and Ricciuto 1997).
286.
Article 1(1) of Legge N° 675 of 1996: ‘La presente legge garantisce che il trattamento dei dati personali si svolga nel rispetto dei diritti, delle liberta’ fondamentali, nonche’ della dignita’ delle persone fisiche, con particolare riferimento alla riservatezza e all’identita’ personale; garantisce altresi’ i diritti delle persone giuridiche e di ogni altro ente o associazione’. Describing the wording as an enhanced rewriting of Directive 95/46/EC: (Rodotà 2005, p. 31).
287.
Article 1(1) of Directive 95/46/EC.
288.
On this right, see also: (Riolfo Marengo 1993, p. 1054).
289.
Article 2 of Italian Constitution: ‘i diritti inviolabili dell’uomo, sia come singolo sia nelle formazioni sociali ove si svolge la sua personalità’. See: (Niger 2006, p. 1054). See also: (Rigaux 1990, p. 150). On the elasticity of Article 2 of the Italian Constitution: (Solinas 2011, p. 147).
290.
Some consider this moment as the culmination of a long path towards the construction of the rights of personality in Italy: (Ricciuto 2011, p. 40).
291.
Noting the linkage between the usage of the word privacy in Italian and the regulation of data processing: (Serrano Pérez 2003, p. 37).
292.
In April 1997.
293.
Personal Data Act (personuppgiftslagen) (1998:204), issued on 29 April 1998. It came into force on 24 October 1998.
294.
Passed on 16 July 1998, and entered into force on 1 March 2000, after the issuing of first subsidiary regulations. The Act contains eight principles applicable to the processing of personal data.
295.
This trend appears also in the literature. See, for instance: (Wacks 1989, p. 26), where the following definition of ‘personal information’ is proposed: ‘‘Personal information’ consists of those facts, communications or opinions which relate to the individual and which it would be reasonable to expect him to regard as intimate or sensitive and therefore want to withhold or at least to restrict their collection’.
296.
See, notably: Douglas v Hello! ([2001] QB 967; McKennitt v Ash [2008] QB 73[11]). See also: (Moreham 2001, p. 767).
297.
Lei n.º 10/91 de 29 de Abril.
298.
Article 1 of Law 10/91: ‘O uso da informática deve processar-se de forma transparente e no estrito respeito pela reserva da vida privada e familiar e pelos direitos, liberdades e garantias fundamentais do cidadão’.
299.
Lei n.º 67/98 de 26 de Outubro.
300.
Article 2 of Law 67/98: ‘O tratamento de dados pessoais deve processar-se de forma transparente e no estrito respeito pela reserva da vida privada, bem como pelos direitos, liberdades e garantias fundamentais’.
301.
Wet tot bescherming van de persoonlijke levensfeer ten opzichte van de verwerking van persoonsgegevens, 8 december 1998. See, notably: (Thierry and Poullet 1999).
302.
Which had ratified Convention 108 in 1984.
303.
Since 1982, Spain had the Ley Orgánica 1/1982, de 5 de mayo, de Protección Civil del Derecho al Honor, a la Intimidad Personal y Familiar y a la Propia Imagen (BOE núm. 115 de 15 de mayo de 1982), which included a transitory provision stating that, while there was no instrument developing the mandate of Article 18(4) of the Spanish Constitution, the civil protection of ‘honor y la intimidad personal y familiar’ against unlawful interferences derived from the use of computers were to be regulated by its provisions (Lesmes Serrano 2008, p. 48).
304.
Ley Orgánica 5/1992, de 29 de octubre, de Regulación del Tratamiento Automatizado de los Datos de Carácter Personal (LORTAD) (BOE núm. 262 de 31 de octubre de 1992).
305.
Paragraph 1 of preamble to the LORTAD. This distinction was not sustained in the following paragraphs of the preamble, which went on to advocate the need to delimit new boundaries for intimidad (and honour) to protect them in the face of automated data processing, claiming that the purpose of Article 18(4) of the Constitution was to fix such a boundary. Nonetheless, its discussion illustrated a will to move beyond pre-computers conceptions of privacy (Martínez Martínez 2004, p. 18).
306.
Until then, the doctrine had generally tended to refer to the content of Article 18(4) of the Spanish Constitution in terms echoing the French informatique et libertés, such as libertad informática (‘computer freedom’).
307.
See also: (Gómez Navajas 2005, p. 82).
308.
BOE núm. 298 de 14 de diciembre de 1999. Some provisions of the 1999 LOPD were the object of a constitutional challenge promoted by the Spanish ombudsman, the Defensor del Pueblo, resolved in the emblematic Sentencia Tribunal Constitucional 292/2000, de 30 de noviembre. See, notably: (Abad Amoros 2013). See also Chap. 6, Sect. 6.2.1, of this book.
309.
Cf. Article 1 of the Spanish version of Directive 95/46/EC, not qualifying freedoms as ‘public freedoms’.
310.
Cf. Article 1 of the Spanish version of Directive 95/46/EC, referring just to the particular protection of the ‘derecho a la intimidad’.
311.
Article 1 LOPD. Underlining the absence of any reference to Article 18(4) of the Spanish Constitution: (Murillo de la Cueva 2009, p. 23).
312.
Personuppgiftslag in the Swedish version.
313.
Act 523/1999.
314.
Constitution of Finland (731/1999).
315.
Privatlivet in the Swedish version.
316.
Personliga integriteten in the Swedish version.
317.
Section 1 of Chapter 1 of 1998 Personal Data Act.
318.
Bundesgesetz über den Schutz personenbezogener Daten (Federal Act concerning the Protection of Personal Data) (Datenschutzgesetz 2000– DSG 2000), which came into force on 1 January 2000.
319.
Article 1(1) of DSG 2000.
320.
Article 1(1) of DSG 2000: ‘Jedermann hat, insbesondere auch im Hinblick auf die Achtung seines Privat- und Familienlebens, Anspruch auf Geheimhaltung der ihn betreffenden personenbezogenen Daten, soweit ein schutzwürdiges Interesse daran besteht’.
321.
Act No. 429 of 31 May 2000.
322.
Despite the existence of various differences: necessary changes included to fully adapt the notion of données nominatives to the notion of personal data (Mallet-Poujol 1999, 54). Arguing the change was not particularly significant: (Ponthoreau 1997, p. 127).
323.
Loi n° 2004-801 du 6 août 2004: Loi relative à la protection des personnes physiques à l’égard des traitements de données à caractère personnel et modifiant la loi n° 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés.
324.
Ibid. Years later, infringement proceedings on incorrect implementation and application were nevertheless opened against Germany (European Commission, Commission Staff Working Document Annex to the Communication from the Commission to the Council and the European Parliament “Report on the implementation of The Hague Programme for 2007: Follow-up of the implementation of legal instruments in the fields of Justice, Freedom and Security at national level”, 2007 Implementation Scoreboard—Table 2, SEC (2008) 2048, Brussels, 2.7.2008, 2).
325.
Case C-450/00 Commission of the European Communities v Grand Duchy of Luxembourg [2001] ECR I-07069.
326.
Loi du 2 août 2002 relative à la protection des personnes à l’égard du traitement des données à caractère personnel (Mém. A- 91 du 13 août 2002, 1836).
327.
Article 1 of 2002 Law.
328.
Case C-459/01.
329.
European Commission (2003) op. cit. 1.
330.
Linking this approach to Canadian practice: (Székely 2009, p. 307).
331.
And to have access to data of public interest, except as otherwise provided by law (Article 1(1) of the 1992 Hungarian Act).
332.
Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Hungary [2000] OJ L215/4.
333.
Zakon o varstvu osebnih podatkov, ZVOP, Ur.l. RS No. 59/99.
334.
Article 1 of the 1999 Slovenian Act.
335.
Riigi Teataja (State Gazette) I 1996, 48, 944. For an English translation, see: <http://www.legaltext.ee/text/en/X70030.htm> accessed 20 March 2013.
336.
Chapter 1 § 1 of 1003 Estonian Law on the Protection of Personal Data.
337.
Lithuania signed Convention 108 in 2000, and ratified it in 2001.
338.
Law on Legal Protection of Personal Data, 21 January 2003, No. IX-1296, Vilnius.
339.
According to its Article 1.
340.
Journal of Laws no. 133, item 883.
341.
Act No 52/1998 on Protection of Personal Data in Filing systems.
342.
The Czech Republic ratified Convention 108 in 2001.
343.
Act No 256 on the Protection of Personal Data in Information Systems.
344.
Article 1 of the Czech Act.
345.
Romania ratified Convention 108 in 2001 (Law no. 682/2001 for ratification the Convention for the Protection of Individuals with regards to Automatic Processing of Personal Data).
346.
Law No. 677/2001 of 21 of November 2001 on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data, published in the Official Journal of Romania, Part I No. 790 of the 12th of December 2001.
347.
Law on the Processing of Personal Data (Protection of Individuals) Law 138 (I) 2001.
348.
Maltese Data Protection Act of 2001.

References

Abad Amoros, María Rosa. 2013. El recurso de inconstitucionalidad del Defensor del Pueblo contra la LO 15/99 de Protección de Datos de Carácter Personal. Alfa Redi Revista de Derecho Informático. http://www.alfa-redi.org/rdi-articulo.shtml?x=578. Accessed 8 March 2013.
Anarte Borrallo, Enrique. 2003. Sobre los límites de la protección penal de datos personales. Derecho y Conocimiento 2:225–254.
Google Scholar
Asscher, Lodewijk F., and Sjo Anne Hoogcarspel. 2006. Regulating Spam: A European perspective after the adoption of the E-Privacy Directive. The Hague: Asser.
Book Google Scholar
Bancilhon, F., A. Chamoux, A. Grissonnanche, and Louis Joinet. 1979. Le problème personne physique/personne morale. In Étude sur la confidentialité et la sécurité des données: Rapport final Ã la Commission des Communautés européennes, ed. Gesellschaft für Mathematik und Datenverarbeitung (GMD), Institut national de recherche en informatique et en automatique (INRIA), and National Computing Centre (NCC).
Google Scholar
Barnard, Catherine, and Simon Deakin. 2000. In search of coherence: Social policy, the single market and fundamental rights. Industrial Relations Journal 31 (4): 331–345.
Article Google Scholar
Battista Petti, Giovanni. 2006. La Costituzione Europea e la tutela civile dei Dirtti Umani (Aggiornato alla Legge 15 Dicembre 2005, N. 280). Santarcangelo di Romagna: Maggioli Editore.
Google Scholar
Bigo, Didier, Sergio Carrera, Gloria González Fuster, Elspeth Guild, Hert Paul De, Julien Jeandesboz, and Vagelis Papakonstantinou. 2011. Towards a new EU legal framework for data protection and privacy: Challenges, principles and the role of the European Parliament. Policy Department C on Citizens’ Rights and Constitutional Affairs of the Directorate General for Internal Policies of the European Parliament.
Google Scholar
Boehm, Franziska. 2012. Information Sharing and Data Protection in the Area of Freedom, Security and Justice. Berlin: Springer.
Book Google Scholar
Brouwer, Evelien. 2008. Digital Borders and Real Rights: Effective Remedies for Third-country Nationals in the Schengen Information System. Leiden: Martinus Nijhoff Publishers.
Google Scholar
Brühann, Ulf. 1999. La Directive européenne relative à la protection des données: Fondements, histoire, points forts. Revue française d’administration publique janvier-mars (89): 9–19.
Google Scholar
Brun, Alain. 2002. Rapport introductif sur le rôle du droit comparé dans la préparation du dossier concernant la protection des données. In Le rôle du droit comparé dans l’avènement du Droit européen/The Role of Comparative Law in the Emergence of European Law (Lausanne, 14-15 Avril 2000), 107-125. Zurich: Schuthess.
Google Scholar
Büllesbach, Alfred, Serge Gijrath, Yves Poullet, and Corien Prins, eds. 2010. Concise European IT Law (Second edition). Alphen aan den Rijn: Kluwer Law International.
Google Scholar
Bureau du Parlement Européen. 1974. Procès-verbal de la réunion du 23 avril 1974, Annexe Ad 2, Strasbourg.
Google Scholar
Burkert, Herbert. 1979. Organisation et méthodes d’opération des Autorités de Protection des Données. In Étude sur la confidentialité et la sécurité des données: Rapport final à la Commission des Communautés européennes, ed. Gesellschaft für Mathematik und Datenverarbeitung (GMD), Institut national de recherche en informatique et en automatique (INRIA), and National Computing Centre (NCC), Section 2.
Google Scholar
Busch, Andreas. 2006. From Safe Harbour to the rough sea? Privacy disputes across the Atlantic. SCRIPT-ed 3 (4): 304–321.
Article Google Scholar
Bygrave, Lee A. 2002. Data protection law: Approaching its rationale, logic and limits. The Hague: Kluwer Law International.
Google Scholar
Carlin, Fiona M. 1996. The Data Protection Directive: The introduction of common privacy standards. European Law Review 21 (1): 65–70.
Google Scholar
Carlos Ruiz, Miguel. 2003. El derecho a la protección de los datos personales en la Carta de Derechos Fundamentales de la Unión Europea: Análisis crítico. Revista de Derecho Comunitario Europeo 7 (14): 7–43.
Google Scholar
Cavanillas Múgica, Santiago. 2008. Dos derechos emergentes del consumidor: a no ser molestado y a una interacción informativa. Revista General de Legislación y Jurisprudencia 2:175–193.
Google Scholar
Chalmers, Damian, Christos Hadjiemmanuil, Giorgio Monti, and Adam Tomkings. 2006. European Union Law. Cambridge: Cambridge University Press.
Google Scholar
Chalton, Simon. 1997. The transposition into UK Law of EU Directive 95/46/EC (the Data Protection Directive). International Review of Law, Computers & Technology 11 (1): 25–32.
Article Google Scholar
Chalton, Simon. 2004. Reflections on Durant v FSA. Computer Law & Security Report 20 (3): 175–181.
Article Google Scholar
Church, Peter, and Christopher Millard. 2010. Directive 95/46/EC of the European Parliament and of the Council: The data subject’s right to object. In Concise European IT Law (2nd edition), eds. Alfred Büllesbach, Serge Gijrath, Yves Poullet, and Corien Prins, 81-85. Alphen aan den Rijn: Kluwer Law International.
Google Scholar
Commission of the European Communities. 1972. The European Community and data processing: Government development aids permitted, information [Competition] 21/72.
Google Scholar
Commission of the European Communities. 1973a. Scientific and technological policy programme (submitted to the Council by the Commission on 1 August 1973) COM(73) 1250, Parts I & II, 25 July 1973. Bulletin of the European Communities Supplement 14/73.
Google Scholar
Commission of the European Communities. 1973b. Communication by the Commission of the European Communities concerning a Community policy for data processing: Information memo P-63/73.
Google Scholar
Commission of the European Communities. 1973c. Community policy on data processing (Communication of the Commission to the Council). SEC(73) 4300 final. Brussels.
Google Scholar
Commission of the European Communities. 1976. A four-year programme for the development of informatics in the Community (submitted to the Council by the Commission). COM(76) 524 final, Vol. I. Brussels.
Google Scholar
Commission of the European Communities. 1982. Communication from the Commission to the Council on Community data-processing policy: Report on the status of Community programmes at 31 May 1982. COM(82) 452 final. Brussels.
Google Scholar
Commission of the European Communities. 1990. Commission communication on the protection of individuals in relation to the processing of personal data in the Community and information security. COM(90) 314final - SYN 287 and 288. Brussels.
Google Scholar
Commission of the European Communities. 1993. White paper on growth, competitiveness, employment: The challenges and ways forward into the 21st century. COM(93) 700. Brussels.
Google Scholar
Consultative Committee on the Protection of Individuals with regard to Automatic Processing of Personal Data. 1992. Model contract to ensure equivalent protection in the context of transborder data flows with explanatory report (Study made jointly by the Council of Europe, the Commission of the European Communities and International Chamber of Commerce).
Google Scholar
Coudray, Ludovic. 2004. Case C-101/01, Bodil Lindqvist. Common Market Law Review 41:1361–1376.
Google Scholar
Coudray, Ludovic. 2010. La protection des données personnelles dans l’Union européenne: Naissance et consécration d’un droit fondamental. Berlin: Éditions universitaires européennes.
Google Scholar
Craig, Paul, and Búrca Gráinne De. 2011. EU Law: Text, Cases and Materials (5th edn.). Oxford: Oxford University Press.
Book Google Scholar
Critchell-Ward, Ann, and Kara Landsborough-McDonald. 2007. Data protection law in the European Union and the United Kingdom. Comparative Law Yearbook of International Business 29:515–578.
Google Scholar
Cuffaro, Vincenzo, and Vincenzo Ricciuto, eds. 1997. La disciplina del trattamento dei dati personali. Torino: Giappichelli.
Google Scholar
Dammann, Ulrich, and Spiros Simitis. 1997. EG-Datenschutzrichtlinie: Kommentar. Baden-Baden: Nomos.
Google Scholar
De Brouwer, Frédéric. 1999. Protection des données à caractère personnel: Un nouveau cadre légal belge. Revue de Droit Des Affaires Internationales 2:181–206.
Google Scholar
De Hert, Paul, and Serge Gutwirth. 2009. Data protection in the case law of Strasbourg and Lu-xembourg: Constitutionalisation in action. In Reinventing Data Protection?, eds. Serge Gutwirth, Yves Poullet, Paul De Hert, Cécile De Terwangne, and Sjaak Nouwt, 3–44. Dordrecht: Springer.
Chapter Google Scholar
De Schutter, Olivier. 2003. La protection du travailleur vis-à-vis des nouvelles technologies dans l’emploi. Revue trimestrielle des droits de l’homme 54:627–664.
Google Scholar
Delarue, Jean Marie. 2010. Titre VI Dispositions relatives à la Coopération Policière et Judiciaire en matière pénale. In Commentaire article par article des Traités UE et CE: de Rome Ã Lisbonne (2ème edition), ed. Isabelle Pingel. Bâle: Helbing Lichtenhahn.
Google Scholar
Dhont, Jan, María Verónica Pérez Asinari, and Yves Poullet. 2004. Safe Harbour Decision implementation study. Namur.
Google Scholar
Ehlers, Dirk. 2007. The fundamental freedoms of the European Communities. In European Fundamental Rights and Freedoms: General Principles, ed. Dirk Ehlers, 175–225. Berlin: De Gruyter.
Chapter Google Scholar
Electronic Privacy Information Center (EPIC), and Privacy International (PI). 2007. Privacy & Human Rights 2006: An international survey of privacy laws and developments. Washington, D.C. and London: EPIC / PI.
Google Scholar
Elías Baturones, Julio José. 1998. La regulación de los datos sensibles en la Directiva 95/46/EC. Revista Iberoamericana de Derecho Informático 23–26:1217–1248.
Google Scholar
Epiney, Astrid. 2007. Free movement of goods. In European Fundamental Rights and Freedoms: General Principles, ed. Dirk Ehlers, 226–254. Berlin: De Gruyter.
Google Scholar
Esquinas Valverde, Patricia. 2010. Protección de datos personales en la policía europea: El derecho de información sobre los datos y su insuficiente garantía frente a Europol, de acuerdo con la Decisión del Consejo Europeo de 2009, vigente desde Enero 2010. Valencia: Tirant Lo Blanch.
Google Scholar
European Commission. 2003. Analysis and impact study on the implementation of Directive EC 95/46 in Member States: Technical Annex I, accompanying the First Report on the implementation of the Data Protection Directive (95/46/EC), COM/2003/0265 final , Brussels.
Google Scholar
Frígols i Brines, Eliseu. 2010. La protección constitucional de los datos de las comunicaciones: Delimitación de los ámbitos de protección del secreto de las comunicaciones y del derecho de la intimidad a la luz del uso de las nuevas tecnologías. In La protección jurídica de la intimidad, eds. Javier Boix Reig and Ángeles Jareño Leal. Madrid: Iustel.
Google Scholar
Frosini, Vittorio. 1982. Bancos de datos y tutela de la persona. Revista de Estudios Políticos 30:21–40.
Google Scholar
General Secretariat of the Council of the European Communities. 1974. Twenty-second review of the Council’s work: 1 January–31 December 1974.
Google Scholar
Gentot, Michel. 2000. La protection des données personnelles à la croisée des chemins. In La protection de la vie privée dans la société de l’information: Tome 3, ed. Pierre Tabatoni, 24–46. Paris: Presses Universitaires de France.
Google Scholar
Gómez Navajas, Justa. 2005. La protección de los datos personales. Cizur Menor: Aranzadi.
Google Scholar
Guerrero Picó, María del Carmen. 2006. El impacto de Internet en el derecho fundamental a la protección de datos de carácter personal. Cizur Menor: Thomson Civitas.
Google Scholar
Gutiérrez Castillo, Víctor Luís. 2005. Aproximación a la protección jurídica internacional del derecho de acceso y protección de datos en Europa. Derecho y Conocimiento 3:1–19.
Google Scholar
Heil, Helmut. 2010. Directive 95/46/EC of the European Parliament and of the Council: Introductory remarks. In Concise European IT Law (Second Edition), eds. Alfred Büllesbach, Serge Gijrath, Yves Poullet, and Corien Prins, 9–32. Alphen aan den Rijn: Kluwer Law International.
Google Scholar
High Level Group on the Information Society (Bangemann Group). 1994. Europe and the global information society: Recommendations to the Corfu European council. Bulletin of the European Union Supplement 2/94.
Google Scholar
Hijmans, Hielke. 2006. The European Data Protection Supervisor: The institutions of the EC controlled by an independent authority. Common Market Law Review 43:1313–1342.
Google Scholar
Kingreen, Thorsten. 2011. Fundamental Freedoms. In Principles of European Constitutional Law (Revised Second Edition), eds. Armin Von Bogdandy and Jürgen Bast, 515–549. Oxford: Hart Publishing.
Google Scholar
Korff, Douwe. 2004. The legal framework: An analysis of the ‘Constitutional’ European approach to issues of data protection and law enforcement. UK Information Commissioner study project: Privacy & law enforcement.
Google Scholar
Kotschy, Waltraut. 2010. Directive 95/46/EC of the European Parliament and of the Council: Exemptions and restrictions. In Concise European IT Law (2nd edition), eds. Alfred Büllesbach, Serge Gijrath, Yves Poullet, and Corien Prins, 76–81. Alphen aan den Rijn: Kluwer Law International.
Google Scholar
Kranenborg, Herke. 2008. Access to documents and data protection in the European Union: On the public nature of personal data. Common Market Law Review 45 (4): 1079–1114.
Google Scholar
Kuner, Christopher. 2009. Developing an adequate legal framework for international data transfers. In Reinventing data protection?, eds. Serge Gutwirth, Yves Poullet, Paul De Hert, Cécile De Terwangne, and Sjaak Nouwt, 263–273. Dordrecht: Springer.
Google Scholar
Lesmes Serrano, Carlos. 2008. La Ley de Protección de Datos: Análisis y comentario de su jurisprudencia. Valladolid: Lex Nova.
Google Scholar
Magnusson-Sjoberg, Cécilia. 1999. La mise en oeuvre de la Directive en Suède: Une source de remous juridiques. Revue française d’administration publique janvier-mars (89): 37–48.
Google Scholar
Mallet-Poujol, Nathalie. 1999. La réforme de la Loi ‘Informatique et Libertés’. Revue française d’administration publique janvier-mars (89): 49–62.
Google Scholar
Martínez Martínez, Ricard. 2004. Una aproximación crítica a la autodeterminación informativa. Madrid: Thomson Civitas.
Google Scholar
Moreham, N. A. 2001. Cases: Douglas and others v Hello! Ltd—The protection of privacy in English private law. The Modern Law Review Limited 64 (5): 767–774.
Article Google Scholar
Morijn, John. 2006. Balancing fundamental rights and common market freedoms in Union law: Schmidberger and Omega in the light of the European constitution. European Law Journal 12 (1): 15–40.
Article Google Scholar
Murillo, de la Cueva, and Lucas Pablo. 2009. La construcción del derecho a la autodeterminación informativa y las garantías para su efectividad. In El derecho a la autodeterminación informativa, eds. Pablo Lucas Murillo de la Cueva and José Luis Piñar Mañas, 11–80. Madrid: Fundación Coloquio Jurídico Europeo.
Google Scholar
Niger, Sergio. 2006. Le nuove dimensioni della privacy: Dal diritto alla riservatezza alla protezione dei dati personali. Padova: CEDAM.
Google Scholar
O’ Cinneide, Colm, Myriam Hunter-Henin, and Jörg Fedke. 2006. ‘Privacy’ in J. M. Smits (ed), (Edward Elgar 2006). In Elgar Encyclopedia of Comparative Law, ed. J. M. Smits, 554–565. Cheltenham: Edward Elgar.
Google Scholar
Oliver, Peter. 2009. The protection of privacy in the economic sphere before the Court of Justice. Common Market Law Review 46:1443–1483.
Google Scholar
Oreja Aguirre, Marcelino, and Francisco Fonseca Morillo. 1998. El Tratado de Ámsterdam: Análisis y comentarios, Volumen I. Madrid: McGraw Hill.
Google Scholar
Papapavlou, George. 1992. Latest developments concerning the E.C. draft Data Protection Directives. In Recent developments in data privacy law, ed. Jos Dumortier, 29–57. Leuven: Leuven University Press.
Google Scholar
Pearce, Graham, and Nicholas Platten. 1998. Achieving personal data protection in the European Union. Journal of Common Market Studies 36 (4) (December): 529–547.
Google Scholar
Peers, Steve. 2006. EU Justice and Home Affairs law (2nd Edition). Oxford: Oxford University Press.
Google Scholar
Pino, Giorgio. 2002. Giudizi Di Valore e Dottrine Civilistiche: Il Caso Dei Diritti Della Personalità. Diritti & Questioni Pubbliche 2 (agosto): 132–173.
Google Scholar
Pino, Giorgio. 2006. Il Diritto all’identità personale ieri e oggi: Informazione, Mercato, dati personali. In Libera circolazione e protezione dei dati personali, ed. Rocco Panetta. Milano: Giuffrè.
Google Scholar
Piris, Jean-Claude. 2010. The Lisbon Treaty: A Legal and Political Analysis. Cambridge: Cambridge University Press.
Book Google Scholar
Poiares Maduro, Miguel. 1998. We the Court: The European Court of Justice and the European Economic Constitution: A Critical Reading of Article 30 of the EC Treaty. Oxford: Hart Publishing.
Google Scholar
Ponthoreau, Marie-Claire. 1997. La Directive 95/46 CE du 24 octobre 1995 relative à la Protection des Personnes Physiques à l’égard du Traitement des Données à Caractère Personnel et à la Libre Circulation de ces Données. Revue Française de Droit Administratif 13 (1 (janvier–février)): 125–150.
Google Scholar
Pospíšil, Filip, and Marek Tichy. 2010. Comparative study on different approaches to new privacy challenges, in particular in the light to technological developments: Country study A.1: Czech Republic. European Commission.
Google Scholar
Poullet, Yves, and Serge Gutwirth. 2008. The contribution of the Article 29 Working Party to the construction of a harmonised European data protection system: An illustration of ‘Reflexive Governance’? In Défis du droit à la protection de la vie privée: Challenges of Privacy and DataProtection Law, eds. María Verónica Pérez Asinari and Pablo Palazzi. Bruxelles: Bruylant.
Google Scholar
Raab, Charles D., Colin J. Bennett, Robert M. Gellman, and Nigel Walters. 1999. Application of a methodology designed to assess the adequacy of the level of protection of individuals with regard to processing personal data: Test of the method on several categories of transfer. European Commission.
Google Scholar
Regan, Priscilla M. 2003. Safe harbors or free frontiers? Privacy and transborder data flows. Journal of Social Issue 59 (2): 263–282.
Article Google Scholar
Ricciuto, Vincenzo. 2011. Consentimiento y autodeterminación informativa: La experiencia italiana. In Protección de datos personales en la sociedad de la información y la vigilancia, ed. María Rosa Llácer Matacás, 39–59. Las Rozas: La Ley.
Google Scholar
Rigaux, François. 1990. La Protection de la vie privée et des autres biens de la personnalité. Bruxelles: Bruylant.
Google Scholar
Rigaux, François. 2002. What about individual rights in a society of mass information? In Privacy protection in the information society, eds. Pierre Tabatoni and François Terré, 35–52. ALL European Academies.
Google Scholar
Riolfo Marengo, Silvio, ed. 1993. Enciclopedia Garzanti del Diritto. Milano: Garzanti.
Google Scholar
Rodotà, Stefano. 2005. Intervista su Privacy e Libertà a cura di Paolo Conti. Roma: Editori Laterza.
Google Scholar
Saarenpää, Ahti. 2008. Perspectives on Privacy. In Legal Privacy, ed. Ahti Saarenpää, 19–63. Zaragoza: Prensas Universitarias.
Google Scholar
Seipel, Peter. 1996. Comments on the EC Data Protection Directive: The view from Sweden. The Journal of Information, Law and Technology (JILT) 1. http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/1996_1/seipel/. Accessed 10 March 2013.
Serrano Pérez, Mercedes. 2003. El derecho fundamental a la protección de datos: Derecho español y comparado. Madrid: Thomson Civitas.
Google Scholar
Simitis, Spiros. 1985. Les garanties générales quant à la qualité des données à caractère personnel faisant l’objet d’un traitement automatisé. In Informatique et Droit en Europe: Actes du Colloque organisé par la Faculté de Droit avec la participation de l’Association Belge des Juristes d’entreprise les 14, 15 et 16 juin 1984, Bruxelles, ed. Centre d’informatique appliquée au droit de la Faculté de droit de l’Université Libre de Bruxelles, 305–315. Bruxelles: Bruylant.
Google Scholar
Simitis, Spiros. 2006. Einleitung: Geschichte - Ziele - Prinzipien. In Bundesdatenschutzgesetz, ed. Spiros Simitis, 61–153. Baden Baden: Nomos.
Google Scholar
Solinas, Carla. 2011. Tutela de la persona y tratamiento de los datos personales: Derecho interno y jurisprudencia del Tribunal Europeo de los Derechos Humanos y de las Libertades Fundamentales. In Protección de Datos Personales en la Sociedad de la Información y la Vigilancia, edited by María Rosa Llácer Matacás, 133–171. Las Rozas: La Ley.
Google Scholar
Spinelli, Altiero. 1974. Letter to Cornelis Berkhouwer, President of the European Parliament, of 21 March 1974, PE 36.587 (BUR), Annexe Ad 9.
Google Scholar
Sudre, Frédéric. 2005. Droit européen et international des droits de l’homme (7th edition). Paris: Presses Universitaires de France.
Google Scholar
Székely, Iván. 2009. Freedom of information versus privacy: Friends or foes? In Reinventing Data Protection?, eds. Serge Gutwirth, Yves Poullet, Paul De Hert, Cécile De Terwangne, and Sjaak Nouwt, 293–316. Dordrecht: Springer.
Chapter Google Scholar
Szyszczak, Erika, and Adam Cygan. 2008. Understanding EU Law. London: Sweet & Maxwell.
Google Scholar
Teenage Fanclub. 1990. Everything Flows. A Catholic Education. Matador.
Google Scholar
Thierry, Léonard, and Yves Poullet. 1999. La protection des données à caractère personnel en pleine (r)évolution: La Loi du 11 décembre 1998 transposant la Directive 95/46/CE du 24 Octobre 1995. Journal des Tribunaux 118 ((5928, 22 mai 1999)): 377–396.
Google Scholar
Thomas-Sertillanges, Jean-Baptiste, and Elisabeth Quillatre. 2011. Libre circulation des données à caractère personnel au sein du marché intérieur et de l’espace de Liberté Sécurité Justice: Vers une diversification des instruments de régulation. Petites Affiches 400:3–9.
Google Scholar
Wacks, Raymond. 1989. Personal Information: Privacy and the Law. Oxford: Oxford University Press.
Google Scholar
Walker, Neil. 2004. In search of the Area of Freedom, Security and Justice: A constitutional Odyssey. In Europe’s Area of Freedom, Security and Justice, ed. Neil Walker. Oxford: Oxford University Press.
Chapter Google Scholar
Walter, Christian. 2007. The notion of European fundamental rights and freedoms. In European fundamental rights and freedoms, ed. Dirk Ehlers, 1–24. Berlin: De Gruyter.
Google Scholar
Westin, Alan F. 2003. Social and Political Dimensions of Privacy. Journal of Social Issues 59 (2): 431–453.
Article Google Scholar
Wong, Rebecca, and Joseph Savirimuthu. 2008. All or nothing: This is the question? The application of art. 3(2) Data Protection Directive 95/46/EC to the internet. John Marshall Journal of Computer & Information Law 25 (2): 241–266.
Google Scholar
Zerdick, Thomas. 1995. European aspects of data protection: What rights for the citizen? Legal Issues of European Integration 2:59–86.
Google Scholar

Download references

Author information

Authors and Affiliations

Law, Science, Technology and Society (LSTS), Vrije Universiteit Brussel (VUB), Brussels, Belgium
Gloria González Fuster

Authors

Gloria González Fuster
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gloria González Fuster .

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

González Fuster, G. (2014). The Beginning of EU Data Protection. In: The Emergence of Personal Data Protection as a Fundamental Right of the EU. Law, Governance and Technology Series(), vol 16. Springer, Cham. https://doi.org/10.1007/978-3-319-05023-2_5

Download citation

DOI: https://doi.org/10.1007/978-3-319-05023-2_5
Published: 29 April 2014
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05022-5
Online ISBN: 978-3-319-05023-2
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)

Publish with us

Policies and ethics